Headless customer login

Topic summary

A developer building a headless Shopify storefront with Nuxt.js successfully retrieves products and collections via GraphQL but needs to implement customer login functionality to display order history.

Solution Provided:

  • Use the customerAccessTokenCreate mutation with email and password credentials
  • This returns a customerAccessToken object that can be used in subsequent queries/mutations
  • The token enables retrieving customer data, associating checkouts, and performing authenticated operations
  • Store the token client-side to maintain the session

Unresolved Questions:

  • Whether the token actually “logs in” the customer or just provides authentication for API calls
  • Feasibility of implementing JWT-based authentication using the returned customer access token
  • Confusion about token validity - one participant reports the token only works for mutations, not for logging users in, seeking alternative approaches

The discussion remains open with clarification needed on the token’s full capabilities and proper authentication flow.

Summarized with AI on November 12. AI used: claude-sonnet-4-5-20250929.

Hi All,

I am creating a headless app using nuxt.js. I have successfully used the graphql API to retrieve products/collections etc., but now I need to create a login so that users can log in and view their orders.

I have a form set up, containing the email address and password fields, but not really sure how to proceed forwards.

How is this achieved using a mutation in the graphql API? I can see there is a CustomerAccessToken object.

https://help.shopify.com/en/api/storefront-api/reference/object/customeraccesstoken

Thanks

You can get a token by submitting that information to customerAccessTokenCreate.

Docs: https://help.shopify.com/en/api/storefront-api/reference/mutation/customeraccesstokencreate

That token can be used to retrieve customer data, associate checkouts, etc.

1 Like

Thanks! Does this token also log the customer in? Or does it simply provide a token which you can then pass to another mutation?

Using the token in queries/mutations is the session; store it client-side.

1 Like
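The two steps the replies above describe (exchange email/password for a token with customerAccessTokenCreate, then pass that token as the session to customer queries such as order history), as an added example that is not code from the thread. The shop URL, API version, storefront token and the injectable `fetchImpl` are assumptions; the Storefront API reports bad credentials as `customerUserErrors` with a null token rather than as a transport error, so the code checks both.

```javascript
// Added example (not from the thread). Placeholders: shop domain, API version, storefront token.
const STOREFRONT_URL = "https://your-shop.myshopify.com/api/2024-01/graphql.json"; // assumption
const STOREFRONT_TOKEN = "PUBLIC_STOREFRONT_ACCESS_TOKEN"; // app token, not the customer token

const LOGIN_MUTATION = `
mutation customerLogin($input: CustomerAccessTokenCreateInput!) {
  customerAccessTokenCreate(input: $input) {
    customerAccessToken { accessToken expiresAt }
    customerUserErrors { code field message }
  }
}`;

const ORDERS_QUERY = `
query customerOrders($token: String!) {
  customer(customerAccessToken: $token) {
    firstName
    orders(first: 10) {
      edges { node { orderNumber processedAt totalPrice { amount currencyCode } } }
    }
  }
}`;

// Minimal GraphQL transport; fetchImpl is injectable so the flow can be exercised offline.
async function storefront(query, variables, fetchImpl = globalThis.fetch) {
  const res = await fetchImpl(STOREFRONT_URL, {
    method: "POST",
    headers: { "Content-Type": "application/json", "X-Shopify-Storefront-Access-Token": STOREFRONT_TOKEN },
    body: JSON.stringify({ query, variables }),
  });
  const json = await res.json();
  if (json.errors) throw new Error(json.errors.map((e) => e.message).join("; "));
  return json.data;
}

// Step 1: credentials -> customer access token. A wrong password yields a null token plus
// customerUserErrors, so never treat a 200 response alone as a successful login.
async function loginCustomer(email, password, fetchImpl) {
  const data = await storefront(LOGIN_MUTATION, { input: { email, password } }, fetchImpl);
  const { customerAccessToken, customerUserErrors } = data.customerAccessTokenCreate;
  if (!customerAccessToken) return { ok: false, error: customerUserErrors[0]?.message ?? "login failed" };
  return { ok: true, token: customerAccessToken.accessToken, expiresAt: customerAccessToken.expiresAt };
}

// Step 2: the token is the session. Passing it to `customer` scopes the query to that
// customer; an expired token is rejected locally instead of being sent to the API.
async function fetchOrders(session, fetchImpl) {
  if (new Date(session.expiresAt) <= new Date()) throw new Error("customer access token expired; log in again");
  const data = await storefront(ORDERS_QUERY, { token: session.token }, fetchImpl);
  return data.customer.orders.edges.map((e) => e.node);
}
```

The token is a bearer credential for that customer's data, so treat `expiresAt` as the session lifetime and clear the stored token on logout.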

Can we implement JWT based on the returned customerAccessToken?
If possible, how do we do this?

Did you find a solution? Same issue, the token is only useful for mutations.

Hi! Could you expand on that? The access token provided is not valid to log in the user, but only to perform mutations. Any alternative?